> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mangopay.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Tokenize the card

This call sends the necessary information to a PCI-DSS-compliant tokenization server without reaching Mangopay’s servers.

The URL to use for this endpoint is returned in the `CardRegistrationURL` parameter on the <a href="/api-reference/card-registrations/create-card-registration">POST Create a Card Registration</a> call.

The request must be made using the “application/x-www-form-urlencoded" content type.

<Note>
  **Note – Do not hardcode the URL**

  The `CardRegistrationURL` is specific to each payment. You must rely on the returned URL in full (host, path, and queries) and not hardcode any part of it.
</Note>

<Warning>
  **Caution – Card details must never pass via your server**

  For security reasons, it is strictly forbidden to send the card details to your own server. You must rely on the dedicated PCI-DSS-compliant tokenization server by using the endpoint provided.
</Warning>

### Body parameters

<ParamField body="accessKeyRef" type="string" required>
  The value of the `AccessKey` attribute returned when creating a Card Registration.
</ParamField>

<ParamField body="data" type="string" required>
  The value of the `PreregistrationData` attribute returned when creating a Card Registration.
</ParamField>

<ParamField body="cardNumber" type="string" required>
  The number of the card to be tokenized.
</ParamField>

<ParamField body="cardExpirationDate" type="string" required>
  Format: “MMYY”

  The expiration date of the card.
</ParamField>

<ParamField body="cardCvx" type="string" required>
  The card verification code (CVC) or card verification value (CVV), typically 3 digits found on the back of the card.

  AMEX codes are 4 digits and are called card identification (CID) numbers.

  For cards that don't have a CVC, such as Maestro, use `000` or `999`.
</ParamField>

### Responses

<AccordionGroup>
  <Accordion title="200">
    The string returned by the tokenization server. This string must be sent in full as the `RegistrationData` on the <a href="/api-reference/card-registrations/update-card-registration">PUT Update a Card Registration</a> endpoint to create the Card object.
  </Accordion>
</AccordionGroup>

<ResponseExample>
  ```json 200   theme={null}
  data=acIcnwwLleiAvlZUea5VxYT1eCIn3MER8jyZXr-p8Bzb4Rm8GIA0MQtPs2NL7zPzPO_I7EjQm-m92V909JUL6KT-PmPzJfAQZV_8PIz6wKvjorGNaNd8Mg1rqN6eBpS5Nx0xgKTVnyDj15oG8jR875  
  ```
</ResponseExample>

<RequestExample>
  ```python cURL theme={null}
  curl -X POST {CardRegistrationURL} \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d '{
    "accessKeyRef": "ehvrHoPE6FpjCCAgmNvg",
    "data": "lhOJ6CFiDJPCXViyHjfcayh92nouB3AAaB5yqiLCBT6yjkLPCptmxsUdfffAc6EE4uj9AuSfmwbdfKN3BMechzUU3Gz8ectEx70TDeupudr",
    "cardNumber": "4970105181818183",
    "cardExpirationDate": "1229",
    "cardCvx": "123"
  }'
  ```
</RequestExample>